jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-23 21:07:12 -05:00
Code Issues Projects Releases Wiki Activity

Close invalid repo-sync PRs as part of the repo-sync workflow (#18650)

Browse Source 
* Delete flawed 'close-external-repo-sync-prs.yml' workflow since it won't run for spammy actors
* Add the core logic to close invalid repo sync PRs into a new job within the 'repo-sync.yml' workflow
This commit is contained in:
James M. Greene
2021-04-08 14:42:00 -05:00
committed by GitHub
parent 1881cccb0b
commit 615c4aec8f
2 changed files with 74 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
.github/workflows/close-external-repo-sync-prs.yml vendored
View File

@@ -1,65 +0,0 @@
name: Check for External Repo Sync PR
# **What it does**: If someone made a repo sync pull request other than Octomerger, close it.
# **Why we have it**: Another form of spam in the open-source repository.
# **Who does it impact**: Open-source contributors.
on:
pull_request:
types:
- opened
- reopened
branches:
- main
jobs:
invalid-repo-sync-check:
name: Close external Repo Sync PRs
if: ${{ github.repository == 'github/docs' && github.head_ref == 'repo-sync' }}
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
with:
github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
script: |
const prCreator = context.payload.sender.login
// If the PR creator is the expected account, stop now
if (prCreator === 'Octomerger') {
return
}
try {
await github.teams.getMembershipForUserInOrg({
org: 'github',
team_slug: 'employees',
username: prCreator
})
// If the PR creator is a GitHub employee, stop now
return
} catch (err) {
// An error will be thrown if the user is not a GitHub employee.
// That said, we still want to proceed anyway!
}
const pr = context.payload.pull_request
const { owner, repo } = context.repo
// Close the PR and add the invalid label
await github.issues.update({
owner: owner,
repo: repo,
issue_number: pr.number,
labels: ['invalid'],
state: 'closed'
})
// Comment on the PR
await github.issues.createComment({
owner: owner,
repo: repo,
issue_number: pr.number,
body: "Please leave this `repo-sync` branch to the robots!\n\nI'm going to close this pull request now, but feel free to open a new issue or ask any questions in [discussions](https://github.com/github/docs/discussions)!"
})

77
.github/workflows/repo-sync.yml vendored
View File

@@ -1,13 +1,18 @@
# The docs.github.com project has two repositories: github/docs (public) and github/docs-internal (private)
#
# This GitHub Actions workflow keeps the main branch of those two repos in sync.
# This GitHub Actions workflow keeps the `main` branch of those two repos in sync.
#
# For more details, see https://github.com/repo-sync/repo-sync#how-it-works
name: Repo Sync
# **What it does**: Syncs docs and docs-internal.
# **Why we have it**: To keep the open-source repository up-to-date, while still having an internal repository for sensitive work.
# **What it does**:
# - close-invalid-repo-sync: Close repo sync pull requests not created by Octomerger or a Hubber.
# - repo-sync: Syncs docs and docs-internal.
# **Why we have it**:
# - close-invalid-repo-sync: Another form of spam prevention for the open-source repository.
# - repo-sync: To keep the open-source repository up-to-date, while still having an internal
# repository for sensitive work.
# **Who does it impact**: Open-source.
on:
@@ -16,7 +21,73 @@ on:
- cron: '*/15 * * * *' # every 15 minutes
jobs:
close-invalid-repo-sync:
name: Close invalid Repo Sync PRs
if: github.repository == 'github/docs'
runs-on: ubuntu-latest
steps:
- name: Find pull request
uses: juliangruber/find-pull-request-action@2fc55e82a6d5d36fe1e7f1848f7e64fd02d99de9
id: find-pull-request
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
branch: repo-sync
base: main
- name: Close pull request if unwanted
if: ${{ steps.find-pull-request.outputs.number }}
uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
with:
github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
script: |
const { owner, repo } = context.repo
const pr = await github.pulls.get({
owner,
repo,
pull_number: parseInt(${{ steps.find-pull-request.outputs.number }})
})
const prCreator = pr.user.login
// If the PR creator is the expected account, stop now
if (prCreator === 'Octomerger') {
return
}
try {
await github.teams.getMembershipForUserInOrg({
org: 'github',
team_slug: 'employees',
username: prCreator
})
// If the PR creator is a GitHub employee, stop now
return
} catch (err) {
// An error will be thrown if the user is not a GitHub employee.
// That said, we still want to proceed anyway!
}
// Close the PR and add the invalid label
await github.issues.update({
owner,
repo,
issue_number: pr.number,
labels: ['invalid'],
state: 'closed'
})
// Comment on the PR
await github.issues.createComment({
owner,
repo,
issue_number: pr.number,
body: "Please leave this `repo-sync` branch to the robots!\n\nI'm going to close this pull request now, but feel free to open a new issue or ask any questions in [discussions](https://github.com/github/docs/discussions)!"
})
repo-sync:
needs: close-invalid-repo-sync
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
name: Repo Sync
runs-on: ubuntu-latest